From 9ed7dbcf2f06b8cdea0648a6dd18ebecbe987568 Mon Sep 17 00:00:00 2001
From: Tobias Kellner
Date: Tue, 20 Oct 2015 17:25:11 +0200
Subject: Disabling of EC cipher suites not needed anymore
---
 .../gv/egiz/bku/spring/SSLSocketFactoryBean.java | 51 +---------------------
 1 file changed, 1 insertion(+), 50 deletions(-)
(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java')
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java b/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java
index f49c1c17..a16265c9 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/spring/SSLSocketFactoryBean.java
@@ -49,47 +49,6 @@ public class SSLSocketFactoryBean implements FactoryBean {
 private Configuration configuration;
- //avoid ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey
- private final String DEFAULT_DISABLED_CIPHER_SUITES =
- "TLS_ECDH_ECDSA_WITH_NULL_SHA," +
- "TLS_ECDH_ECDSA_WITH_RC4_128_SHA," +
- "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA," +
- "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," +
- "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,"+
- "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256," +
- "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384," +
- "TLS_ECDHE_ECDSA_WITH_NULL_SHA," +
- "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA," +
- "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,"+
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," +
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384," +
- "TLS_ECDH_RSA_WITH_NULL_SHA," +
- "TLS_ECDH_RSA_WITH_RC4_128_SHA," +
- "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," +
- "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA," +
- "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,"+
- "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256," +
- "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384," +
- "TLS_ECDHE_RSA_WITH_NULL_SHA," +
- "TLS_ECDHE_RSA_WITH_RC4_128_SHA," +
- "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256," +
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,"+
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," +
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384," +
- "TLS_ECDH_anon_WITH_NULL_SHA," +
- "TLS_ECDH_anon_WITH_RC4_128_SHA," +
- "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA," +
- "TLS_ECDH_anon_WITH_AES_128_CBC_SHA," +
- "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
-
 public static final String SSL_PROTOCOL = "SSL.sslProtocol";
 public static final String SSL_DISABLE_ALL_CHECKS
= "SSL.disableAllChecks";
@@ -103,12 +62,6 @@ public class SSLSocketFactoryBean implements FactoryBean {
 public boolean disableAllSslChecks() {
 return configuration.getBoolean(SSL_DISABLE_ALL_CHECKS, false);
 }
-
- public String[] getDisabledCipherSuites() {
- String suites = configuration.getString(SSL_DISABLED_CIPHER_SUITES,
- DEFAULT_DISABLED_CIPHER_SUITES);
- return suites.split(",");
- }
 }
 /**
@@ -148,9 +101,7 @@ public class SSLSocketFactoryBean implements FactoryBean {
 SSLContext sslContext = SSLContext.getInstance(configurationFacade.getSslProtocol());
 sslContext.init(null, new TrustManager[] {pkiTrustManager}, null);
- SSLSocketFactory ssf = sslContext.getSocketFactory();
-
- return new InternalSSLSocketFactory(ssf, configurationFacade.getDisabledCipherSuites());
+ return sslContext.getSocketFactory();
 }
 @Override
--
cgit v1.2.3
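Review bot: At `return sslContext.getSocketFactory();` the factory is returned with the JSSE default suite set, and together with the removal of `getDisabledCipherSuites()` in the hunk above this means a deployment that set the `SSL_DISABLED_CIPHER_SUITES` configuration key now has that setting ignored without any notice. The removed default list was a ClassCastException workaround, but it also kept the NULL, RC4, 3DES and anon EC suites off; whether any of those can be negotiated afterwards depends on the runtime's own defaults, which this diff does not show. I would either keep honouring the key when it is explicitly configured, or log a warning at startup when it is set and add a comment such as `// cipher suites are the JSSE defaults; restrict them via the jdk.tls.disabledAlgorithms security property`. The enclosing method starts and ends outside the hunk.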